About NULL in Layer7

Why can’t I use \0 or \x00? What shall I do?
For example, just trying to detect some DNS_A records:

^.*\0\x01\0\x01$

but in RouterOS it shall be:

^.*\x01.\x01$

I can catch another packet, \x01\x01.\x01$ as an example. But it’s DNS_CAA.
Can somebody fix it?

I played with this before (e.g. here) and in short, RouterOS does not like nulls in L7.

If you try to put null in regexp using \x00, it does not allow that. It does allow to enter \0, but I’m wondering what it might understand it to be. It definitely does not match nulls here.

Also when trying to match using L7, it first drops all nulls and tests the result. So to find any A record question for any domain, this should work ok:

[a-z]\x01\x01$
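An added example, not part of the original posts: a small Python model of the behaviour described above, assuming the L7 matcher sees the payload with every null byte removed. It builds constructed DNS queries for `example.com` and shows why a pattern written with nulls only matches the raw bytes, why a bare `\x01\x01$` also hits CAA (type 257 = 0x0101), and why the `[a-z]` prefix separates the two. The helper names `dns_query`, `l7_view` and `l7_match` are hypothetical, and Python's `re` stands in for the RouterOS engine.

```python
import re
import struct

def dns_query(name: str, qtype: int, txid: int = 0x1A2B) -> bytes:
    """Build a minimal DNS query payload: header plus one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"                                                # root label
    return header + qname + struct.pack("!HH", qtype, 1)       # QTYPE, QCLASS=IN

def l7_view(payload: bytes) -> bytes:
    """Assumed model from the thread: nulls are dropped before the regexp runs."""
    return payload.replace(b"\x00", b"")

def l7_match(pattern: bytes, payload: bytes) -> bool:
    """Apply a pattern to the null-stripped view of the payload."""
    return re.search(pattern, l7_view(payload), re.DOTALL) is not None

# Constructed sample queries (not captured traffic).
A_QUERY = dns_query("example.com", 1)       # tail: 00 00 01 00 01
CAA_QUERY = dns_query("example.com", 257)   # tail: 00 01 01 00 01
AAAA_QUERY = dns_query("example.com", 28)   # tail: 00 00 1c 00 01

RAW_STYLE = rb"\x00\x01\x00\x01$"   # what one would write for the raw bytes
NAIVE = rb"\x01\x01$"               # nulls removed, no anchor on the name
ANCHORED = rb"[a-z]\x01\x01$"       # pattern suggested in the post above

if __name__ == "__main__":
    print("raw tail of A query :", A_QUERY[-5:].hex(" "))
    print("L7 view tail (A)    :", l7_view(A_QUERY)[-5:])
    print("L7 view tail (CAA)  :", l7_view(CAA_QUERY)[-5:])
    print("raw pattern on raw bytes :", bool(re.search(RAW_STYLE, A_QUERY, re.DOTALL)))
    print("raw pattern on L7 view   :", l7_match(RAW_STYLE, A_QUERY))
    for label, query in (("A", A_QUERY), ("CAA", CAA_QUERY), ("AAAA", AAAA_QUERY)):
        print(f"{label:4} naive={l7_match(NAIVE, query)} "
              f"anchored={l7_match(ANCHORED, query)}")
```

In this model the anchored pattern only separates A from CAA when the last byte of the queried name is a lowercase letter, so names ending in a digit would need a wider character class.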

I think you can emulate a \x00 with a [^\x01-\xff] – NO SORRY IT DOES NOT WORK

Good idea, but unfortunately you cannot :( Looks like they use null-terminated strings for matching, so there are no nulls in the input data for L7.

Unfortunately, the current regexp engine does not allow matching \x00.

Maybe it’s added in the 7.x core?